The company complies with, as explained below, the Corporate Governance Code for Finnish listed companies issued by the Securities Market Association, which is a body established by the Confederation of Finnish Industries EK, the Central Chamber of Commerce, and NASDAQ OMX Helsinki Ltd. The code is publicly available on the cgfinland website.

More information about F-Secure's corporate governance can be found in this section.

Articles of Association

Business Name and Domicile The Finnish name of the Company is F-Secure Oyj and the English name is F-Secure Corporation, and the Company's domicile is the City of Helsinki.

Line of Activity The Company's line of activity shall be the production of software, the import, export and sale of computers, electric devices, software, and the supply of services related to information technology, as well as consultation, training and publication activities related to information technology. The Company may also be engaged in securities trading.

Book-Entry Securities System After a registration date specified by the Board of Directors, the shares of the Company will be incorporated in the book-entry securities system. After the registration date the right to receive funds distributed by the Company and to subscribe for shares when increasing the share capital shall be restricted to persons

Who have been registered as shareholders in the Shareholders' Register on the matching day

Whose right to payment has been registered on the matching day on the book-entry account of a registered shareholder and entered in the Shareholders' Register

or

In case a share is nominee registered, on whose book-entry account the share has been registered on the record date and whose nominee has been registered in the Shareholders' Register of the Company on the record date as the nominee of the shares.

Board of Directors The Company shall have a Board of Directors, which shall include at minimum three and at maximum seven ordinary members. The term of office of a member of the Board of Directors shall expire at the end of the first Annual General Meeting of Shareholders following the election.

Company President The Board of Directors of the Company shall appoint a President and determine his/her remuneration terms.

Signing of the Business Name In addition to the members of the Board of Directors, who can sign the business name of the Company jointly, the name can also be signed by the person or persons whom the Board of Directors has authorized to sign the business name, by the President of the Company and the Chairman of the Board of Directors alone, and by two members of the Board of Directors jointly. The Board of Directors shall decide on authorizing persons to sign for the Company per procuram.

Financial Period The financial year of the Company is the calendar year.

Auditors The Company shall have one Auditor, who shall be an auditing entity approved by the Finnish Central Chamber of Commerce. The term of office of the Auditor shall expire at the end of the first Annual General Meeting of Shareholders following the election.

Call to a General Meeting and Right to Participate in and Vote at the General Meeting.

The notice of a General Meeting of Shareholders shall be delivered to the shareholders within a period stipulated by the law by publishing the notice on the Company's website.

To be entitled to participate in the General Meeting, a shareholder shall notify the Company about his/her intention to participate in the General Meeting no later than on the date indicated in the notice.

At a General Meeting of Shareholders, each share has one (1) vote. The voting method shall be decided by the Chairman of the Meeting.

Annual General Meeting of Shareholders. The Annual General Meeting of Shareholders shall be held annually on the date designated by the Board of Directors within a period from the end of the financial year as defined by the law. In addition to the domicile of the Company, the General Meeting of Shareholders can be held in Espoo or Vantaa. At the Annual General Meeting there shall be presented

The financial statements and the Annual Report

The Auditors' Report (decisions made regarding)

The approval of the financial statement

The measures to which the profit or loss of the adopted balance sheet and/or consolidated balance sheet may give cause

The granting of release from liability to the Members of the Board of Directors and to the President

The remunerations of the Members of the Board of Directors and Auditors

The number of the Members of the Board of Directors (elected)

The members of the Board of Directors

One auditor and a reserve auditor, if necessary

Board of Directors

According to the Articles of Association, the Board of Directors of F-Secure Corporation shall contain a minimum of three and a maximum of seven permanent members. The annual shareholders' meeting shall decide on the number of Board members in accordance with the Articles of Association and elect the Board members. The Board members shall elect Chairman for the Board from among its members. The Board members shall also elect a secretary, who may be a non-member of the Board.

The term of the Board members is one year. The term ends at the end of the next Annual General Meeting of Shareholders that follows the election of the Board members. The number of terms of the Board members is not limited. The distribution of tasks or areas of responsibility of the Board members is not specified, except for the Committees set by the Board.

The majority of Board members shall be independent from F-Secure Corporation and from major shareholders of the Corporation. Board members shall be fully qualified for the task and able to devote a sufficient amount of time for Board work.

The Board of Directors represents all shareholders. The Board of Directors shall always work to the best advantage of the company and all of its shareholders. The Board of Directors shall manage the business of the company with the aim of achieving the best possible return on invested capital for shareholders in the long term.

The Annual General Meeting of F-Secure Corporation held on April 3, 2014 confirmed the number of Board members to be seve (7) members. The following members of the Board were re-elected for the period ending at the close of the next Annual General Meeting: Risto Siilasmaa (Chairman), Pertti Ervi, Anu Nissinen, Juho Malmberg, Jussi Arovaara and Matti Heikkonen. Peter Vesterbacka was elected as a new member.

The majority of F-Secure Corporation's Board of Directors, Pertti Ervi, Juho Malmberg, Anu Nissinen, Jussi Arovaara, Matti Heikkonen and Peter Vesterbacka, have no dependence neither on the company nor the significant shareholders. The Chairman of the Board, Risto Siilasmaa, is a major shareholder of the company.

The Board assesses its own work on an annual basis.

Board committees

The Board of Directors has two Committees; Audit Committee and Executive Committee (nomination and remuneration issues). The members of the Audit Committee are Pertti Ervi (Chairman), Jussi Arovaara, Matti Heikkonen and Peter Vesterbacka. The members of the Executive Committee are Risto Siilasmaa (Chairman), Juho Malmberg and Anu Nissinen.

Leadership Team

President and CEO

The Board of Director shall appoint the CEO and decide upon his/her remuneration and other benefits. CEO's duties include managing the business according to the instructions issued by the Board of Directors, present the matters to be dealt with in the Board of Directors' meeting, implement the matters resolved by the Board of Directors and other issues determined in the Companies Act.

The Board of Directors confirms the salary and other benefits of the CEO. The CEO's retirement age and the determination of his/her pension conform to the standard rules specified by Finland's Employee Pension Act. The period of notice for the CEO is twelve (12) months both ways and there are no separate compensations for dismissal. The CEO also belongs to the Company's long-term incentive program. Company CEO is Christian Fredrikson.

Leadership Team

F-Secure Corporation's Leadership Team assists the CEO in the management and development of the Group. The Leadership Team consists of the following persons: Christian Fredrikson (President and CEO), Johanna Orjatsalo (Human Resources and Facilites), Samu Konttinen (Consumer Security Business Line), Janne Juvonen (Customer and Market Operations), Jari Still (R&D Operations), Pekka Usva (Corporate Security Business Line) ja Saila Miettinen-Lähde (Finance and Supporting Services).

The CEO appoints the Leadership Team members and decides upon the terms and conditions of their employment. The Board of Directors approves the compensation for the executive teams. The bonuses and grant of stock options are based on the performance of the group and the individual. The Leadership Team assembles regularly once a month and separately as needed.

Risk Management

Risk management is an integrated part of F-Secure's governance and management. The goal is to support the achievement of the Company's objectives and continuity of the operations by ensuring that the Company:

Has comprehensive understanding of major risks, both opportunities and threats

Takes proactive action to manage opportunities and threats

Has systematic means to identify, analyze, evaluate and control risks

Has clear understanding of roles and responsibilities regarding risk management

Has systematic means to collect, analyze and learn from occurred risks

The foundation for risk management is defined in the Company's Risk Management Policy. It expresses the mandate and commitment for F-Secure Risk Management and the processes and practices that are in place to identify, communicate and manage material risks across the company. The policy also ensures that responsibilities have been appropriately delegated for Risk Management.

The Board of Directors is responsible for approval of the Risk Management Policy and determines the company's overall risk attitude. The Board of Directors and its Audit Committee are responsible for monitoring the company's top risks and related controls and the effective implementation of the policy. The Audit Committee annually conducts a top risk review and evaluates the effectiveness of the risk management system.

The CEO and the Leadership Team are accountable to the Board for approving the Company's risk management standards and ensuring they are applied in a constant manner across the organization.

Corporate Risk Management function provides and maintains a process to identify, analyze, evaluate and treat of risks. Risk assessments are conducted twice a year as part of the biannual company planning cycle. Company level risk profile is approved by the Leadership Team. Leadership Team conducts a company level risk review biannually in sync with the operational planning. The Board of Directors and its committees approve and monitor the reporting procedures, as well as the adequacy, appropriateness and effectiveness of the company's business and administrative processes.

Weekly and monthly financial reporting that covers the entire company is used to monitor how well financial targets are being met. The reports include actual figures, plans and up-to-date forecasts. The company has sought to manage the risks relating to its business operations by developing its operating processes and control systems. The Board has set certain appropriate authorization limits to the management, and if these limits are exceeded, the decisions shall be handled by the Board of Directors.

The invoicing is mainly in euros. In order to minimize the impact of the fluctuation of the exchange rates, the goal is to hedge the estimated cash flow of affected currencies. The Company does not provide financing outside the industry standard payment terms. Company's investment policy for cash reserves is conservative. Cash and cash equivalent are mainly invested in short-term funds and other low-risk investments.

During 2012, the most significant risks relate to the competitiveness of F-Secure's product portfolio in the changing market situation, the ability to protect the intellectual property (IPR) in F-Secure's solutions, risk exposure from increasing contractual liability requirements, regional development in new growth markets, sustainability of partner relationships, forming of new business areas, continuous change in the storage and content cloud services markets, and potential security threats targeted to these services.

Internal Control

The purpose of Internal Control is to ensure that operations are effective and aligned with the strategy, financial reporting and that management information is reliable and in compliance with applicable regulations and operating principles.

Internal control consists of all the guidelines, policies, processes, practices and organizational structure that help ensure that the business conduct is in compliance with all applicable regulations, and that all financial reporting is correct. The guidelines and instructions are made to ensure that accounting and financial information is a true and accurate reflection of the activities and financial situation of the company. Actual performance against sales and cost targets and comparison period is constantly followed up by operative reporting systems on a daily, weekly or monthly basis.

The company constantly monitors its cost efficiency and profitability as well as incoming and outgoing payment transactions. If any inconsistencies appear, the issues are handled without delay. The company's controlling function works in close cooperation with CFO and business units, providing relevant data for business planning purposes and sales estimates. Estimates and revenue recognition are constantly monitored with various follow-up methods. The Company's controlling team is responsible for consistency and reliability of internal control methods. The controlling team meets business management and key personnel in order to assess the reliability of estimates on continuous basis.

Internal audit

The principles of internal audit are embedded in written guidelines and policies concerning accounting, risk management and controlling. These guidelines and policies in F-Secure are coordinated by the company's Finance department. The company guidelines cover accounting, reporting, documentation, authorization as well as other relevant issues. F-Secure has no separate internal audit function, and therefore this has been taken into account when defining the scope of external audit. The financial management team meets with the auditors several times a year.

Auditors

F-Secure Corporation's auditor is Ernst & Young Oy, a firm of Authorized Public Accountants. The auditor's term of service is one year. APA Mikko Järventausta is acting as responsible partner and is responsible for the direction and coordination of the audit work. The auditor will report to the Board of Directors at least once a year. During 2012, the Group paid a total of EUR 142 000 for auditing activities and EUR 173 000 for other services.

Annual General Meetings

F-Secure Corporation's highest governing body is the Annual General Meeting of Shareholders. The Annual General Meeting (AGM) shall be held within a period from the end of the financial year as proposed by the Board of Directors and as defined by the law. The AGM shall confirm remunerations to the Board members and auditors, decide the number of members on the Board of Directors, appoint Board members, approve the financial statement, determine the amount of dividends and select the auditors and other issues as described in Article of Associations of F-Secure Corporation and in Finnish Companies Act.

Annual General Meeting of Shareholders 2015

The Annual General Meeting of F-Secure Corporation is scheduled to be held on April 8th 2015 Finnish Time at Company Headquarters in Ruoholahti, Helsinki. The reception of persons who have registered for the meeting and the distribution of voting tickets will commence at 2:45 p.m

It is also possible to register by telephone +358 9 2520 4800 on working days between 9 a.m. to 4 p.m. Finnish time or by regular mail to F-Secure Corporation, Reception/AGM, Tammasaarenkatu 7, PL 24, 00180 Helsinki, Finland.

Annual General Meeting of Shareholders 2014

The Annual General Meeting of F-Secure Corporation was held April 3rd, 2014 at 15:30 Finnish Time at Company Headquarters in Ruoholahti. Material related to the meeting can be found below.

Extraordinary General Meeting of Shareholders 2008

Extraordinary general meeting of shareholders of F-Secure Corporation was held on Tuesday October 28, 2008 starting at 5.00 pm in address F-Secure Plc, Tammasaarenkatu 7 (Ruoholahti), 00180 Helsinki. Below you can find material relating to the meeting.

Remuneration

Remuneration of the Board

The remuneration of the Board is decided by the Annual general meeting. The decisions are made public after the meeting. Read more about the decisions on remuneration on the Annual General Meeting section.

Remuneration of the CEO and management

The Board of Directors decides on the remuneration and other benefits of the CEO. The CEO also belongs to the Company's long-term incentive program. The Board of Directors decides on the remuneration and other benefits of the Leadership Team.

More information on the remuneration of the CEO and Leadership team, option programs and other related issues can be found in note 27 to the financial statements in the Annual Report.

Remuneration statement

The following statement contains broad information on remuneration issues in F-Secure. The statement has been prepared according to the Finnish Corporate Governance Recommendation for Listed Companies published by the Securities Market Association. Please find the statement below. This statement is updated on regular basis if changes occur.

Insiders and Silent Period

Insider regulation

The company follows the insider regulations of the NASDAQ OMX Helsinki. Insiders are divided into three categories: (1) permanent insiders including the members of the Board, the auditors, and the Group's executive team, (2) permanent company-specific non-public insiders including persons who by virtue of their position or tasks learn inside information on a regular basis, and (3) project based insiders.

Permanent public insiders and permanent company specific insiders are not entitled to trade shares, options or other securities 21 days prior to publication of interim financial statements or company accounts.

Trading restrictions during the silent period applies also to interest parties of the insiders mentioned above. The definition of interest parties can be found in the Finnish Securities Markets Act which has been amended and is valid starting from January 1st, 2013.

Silent period

The Group has a silent period of 21 days before each quarterly financial report announcement. During the silent period the company will neither arrange meetings nor conference calls with the investors.